Description
Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets wpsyncsheets-woocommerce.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through <= 1.8.2.
Published: 2025-03-27
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a missing authorization flaw in the "Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets" plugin, permitting users who should not have access to trigger data export operations. This can lead to unauthorized disclosure of sensitive e‑commerce information such as orders, products, customers and coupon details, potentially compromising confidentiality and affecting business reputation.

Affected Systems

Creative Werk Designs publishes the affected plugin under the name Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets. Versions from the initial release through 1.8.2 are impacted. The issue exists in the export functionality that a site may routinely use to synchronize data with Google Sheets.

Risk and Exploitability

The CVSS score of 4.3 reflects a low to medium severity, while the EPSS score below 1% indicates a very low likelihood of real‑world exploitation at this time. The flaw is not yet listed in the CISA KEV catalog. The likely attack vector is inferred to be an unauthenticated or improperly authenticated user exploiting the plugin’s export endpoint, as explicit authorization checks are missing in the code.

Generated by OpenCVE AI on May 1, 2026 at 12:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the plugin to the latest available version (1.8.3 or newer) to incorporate the vendor’s fix for missing authorization.
  • Restrict administrative access to the plugin’s export interface to the administrator role and enforce least‑privilege policies on the WordPress site.
  • Disable or uninstall the plugin if it is not essential, and monitor the site’s logs for any anomalous export activity.

Generated by OpenCVE AI on May 1, 2026 at 12:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8454 Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through 1.8.2.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through 1.8.2. Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets wpsyncsheets-woocommerce.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through <= 1.8.2.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Thu, 27 Mar 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 27 Mar 2025 14:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through 1.8.2.
Title WordPress Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin <= 1.8.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:04.175Z

Reserved: 2025-01-07T21:02:51.801Z

Link: CVE-2025-22667

cve-icon Vulnrichment

Updated: 2025-03-27T15:35:23.804Z

cve-icon NVD

Status : Deferred

Published: 2025-03-27T15:15:58.750

Modified: 2026-06-17T08:49:06.893

Link: CVE-2025-22667

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T12:45:15Z

Weaknesses